Perform immediate event normalization and correlation

Optimize threat detection and compliance reporting by reducing billions of events and flows into a handful of actionable offenses and prioritize them according to business impact. Perform activity baselining and anomaly detection to identify changes in behavior associated with applications, hosts, users and areas of the network. Use IBM® X-Force® Threat Intelligence (optional) to identify activity associated with suspicious IP addresses, such as those suspected of hosting malware.

Sense, track and link significant incidents and threats

Simplify and enhance investigations by performing event and flow analysis using either near real-time streaming or historical data. Add IBM QRadar® QFlow and IBM QRadar VFlow Collector for deep insight and visibility into applications, databases, collaboration products and social media through deep packet inspection of Layer 7 network traffic.

Deploy QRadar SIEM on premises or in cloud environments

Collect events and flows from applications running both in the cloud and on-premises, or have IBM deploy, manage and maintain your QRadar infrastructure while your staff performs security threat management tasks.

Provide enforcement of data-privacy policies

Includes an intuitive reporting engine that does not require advanced database and report-writing skills. Provide the transparency, accountability and measurability to meet regulatory mandates and compliance reporting.